Introduction In this post, we will learn about portable or relocatable eBPF programs. You might wonder, can we not just copy our compiled program to another machine with the same CPU architecture and run it like any other program? Well, usually not. eBPF programs are more unique and rightfully so. They run directly in the kernel space and miss out on some of the help and abstractions that normal programs benefit from.| thegraynode.io
My Journey This section is about my background. Feel free to skip to the next one to read about eBPF. I started off my career as a network engineer and soon after, got into security. My fascination with optimizing networks and troubleshooting them paved the way to not be afraid of capturing packets using Wireshark or TCPDUMP and diving into them to fish out issues. Studying and working with all these concepts, protocols and the ability to influence and modify network traffic felt amazing and ...| thegraynode.io
Mounting | docs.kernel.org
Introduction In this post we will write the user space part of our eBPF program, flat, to calculate and display the network latency using the data we gather in the kernel space program. Make sure to check out the previous posts to be able to follow the details of this article: eBPF primer; Setup an eBPF Development Environment; Building an Efficient Network Flow Monitoring Tool with eBPF - Part 1; Network Headers; Building an Efficient Network Flow Monitoring Tool with eBPF - Part 2. I have made so...| thegraynode.io
Introduction In this post we will pick up where we left off and write the backend or kernel space eBPF code for our program, flat, to monitor the network latency in a very efficient way. Make sure to check the previous posts to get up to speed with what we are about to build: eBPF primer; Setup an eBPF Development Environment; Building an Efficient Network Flow Monitoring Tool with eBPF - Part 1; Network Headers. The Big Picture As described in part 1 of this series, our kernel space code needs to...| thegraynode.io
Network Headers While writing the part two of Building an Efficient Network Flow Monitoring Tool with eBPF, I felt the need to visualize and lay out a foundation on how packet headers are defined in the Linux kernel to make it easier to grasp the concepts there. Initially, I was embedding the contents of this blog there but I noticed it would turn into a pretty long or perhaps a boring read.| thegraynode.io
Overview | pkg.go.dev
Introduction In this post we will learn about the big picture and how to structure our eBPF program, named flat, to monitor network latency. We will mostly talk about preliminaries and write a very minimal eBPF program to get a feel for how things work together. Make sure to check the previous posts to get up to speed with what we are about to build: eBPF primer; Setup an eBPF Development Environment. The Plan In order to measure the latency of network traffic, we need to match the related ingress...| thegraynode.io
Introduction In the previous post, I wrote about what eBPF is and the network latency tool that we are going to write. This post will walk you through the tools you need to follow along. Preliminary Requirements Let’s quickly discuss what we need to start. The Operating System And Hardware I have chosen to go with an Ubuntu 20.04.6 LTS machine with these specs: 4GB RAM; Intel CPU with 2 cores. Don’t stress over the hardware.| thegraynode.io
2.2 Type Encoding | www.kernel.org
func Copy | pkg.go.dev